Android Malware: Alcatel-Lucent Diagnoses Plague

MADISON, Wis. — If China is worried about the security of Android phones (so much so that it was compelled to launch a homegrown OS), Alcatel-Lucent's latest malware report might have just made the case for all that costly angst.

The latest Malware Report put together by Alcatel-Lucent's security team says that more than 11.6 million mobile devices are infected worldwide, and 60% of them are Android smartphones. Most of the rest are Windows computers tethered to mobile networks through USB dongles, MiFi, or mobile phones. Less than 1% of the infections affect other devices, including iPhones, BlackBerrys, and Windows Phones.

The number of Android malware samples in Alcatel-Lucent’s database increased 20 times in 2013. In fact, it doubled in the fourth quarter.

The report explains why Android is becoming the target of choice for malware, how the nature of Android malware is changing, and what to expect next.

Focus on security of networks
One factor that's unique to Alcatel-Lucent's methodology is that the telecom gear provider is leveraging data it collected from carrier networks where its telecom equipment is installed. Considering the broad penetration of Alcatel-Lucent equipment in the global network, the company says its research results reasonably represent the reality.

"We applied intrusion detection technologies, often used by enterprises, to carriers' network traffic and cloud space," Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, told us. Other reports might focus more on protecting end-point consumer devices, but Alcatel-Lucent's team concentrated on the security of service providers' networks.

Kindsight Security Labs, an Alcatel-Lucent spinoff now back with its mothership, develops security analytics and services. The team monitors the traffic and behavior of malware communication, to detect threats in networks.

Kindsight, which has been tracking the mobile infection rate in carrier networks on a monthly basis, saw it climb from 0.45% at the beginning of the year to 0.55% as the year progressed.

By applying this percentage to 2.1 billion smartphones currently in use (according to ITU estimates), Kindsight Security Labs estimated that "11.6 million mobile devices are infected at any time." However, the team suspects that actual numbers are much bigger. "Alcatel-Lucent sensors are not deployed in China and Russia where infection rates are known to be higher."

Kindsight revealed the exponential growth of Android malware by sharing the number of samples in the company's database.

Kindsight Labs said a key driver of infections in mobile space is the "Trojanized app." In the Windows/PC world, cybercriminals have to create thousands of variants to bypass antivirus software, but the sophistication of most Android malware remains rather primitive. Yet mobile infections seem far easier to spread, according to the report. "Often, we will discover a third-party app store distributing a single malware type disguised as hundreds of different wallpaper apps." Simply increasing the number of apps the attacker can get out there "increases the probability of the app being downloaded and installed."

Despite its crudeness, the damage from Android malware can be serious. The report gave examples of a "Banking Trojan" going after credentials, "SMS Trojans" that can send messages to premium numbers that "can add up to large bills," and "Fake Security" apps using direct extortion to make money.

Mobile malware today makes no serious effort to conceal itself ("hoping someone installs the infected app"), but the report cautioned that "2013 saw a number of Android malware specimens that are beginning to show the sophistication that we see in their Windows cousins."

Android does not have malware problem. The malware problem comes from Google's policy of not reviewing apps. So, anyone can post anything in the store. Unlike Apple Store which is reviewed and then approved, Google allows anything to get through. Perhaps, they cannot spend few dollars to hire college grads that can look for malware and other issues before approval.

Yes, it makes me sick to think if any one in my famil or among my circle of friends were to install a spyware in my phone. But it makes even sicker to stomach that it doesn't matter, who it is, but anyone is capable of doing surveillance on us all...

Uh oh....does this mean Apple once again gets the reputation for being the least attacked? Or is iOS getting hit, too. (Remember when having an Apple computer meant not getting hit by as many viruses as PC)

"Of course, it can be a legitimate usage if you do this on your children's phones. If you do it on your husband's phone, it's kind of on the edge, but if you do it on the phones of your business partners or strangers, it's beyond that borderline."

What a statement ... I don't know what's worse ... that a business partner is considered to deserve more respect than a husband or that it's considered somewhat OK to install spyware on the husbands phone. How sick is this ? In my POV it's on the edge to use this against your children. Used to be possible to raise them without total surveilance. Now in certain extreme cases - maybe, so "on the edge". But if you start surveiling your husband - where does that end ? Better get a divorce. Sometimes the human "race" seems to be "beyond salvage" ...

I think a lot of us have known how Android phones are prone to get infected with malware. What this report tells us, however, is how easy it is for such malware to spread, how the nature of the malware is changing and how much more damange it can do in the future.